NSX 4.0.1 Stateful Active-Active Gateway – Part 3 – Routing Considerations and Packet Walks
Welcome back!!! We are at Part 3 of the blog series on NSX 4.0.1 Stateful Active-Active Gateways. In Part 1, we dealt with a single tier routing scenario with workload segments attached directly to a stateful A/A T0 gateway. In Part 2, we extended the topology to two tier, where the workload segments are attached……
NSX 4.0.1 Stateful Active-Active Gateway – Part 2 – Two Tier Routing
Welcome back!!! We are at Part 2 of the blog series on NSX Stateful Active-Active Gateways. In Part 1, we dealt with a single tier routing scenario where we had the logical segments attached to a stateful A/A T0 Gateway and discussed Edge sub-clusters, Interface groups, shadow and peer-shadow interfaces, traffic punting, edge node selection……
Ambassador – Office of the CTO (CTOA) VMware
I am excited to announce that I have been selected to be in the Ambassador – Office of the CTO (CTOA) program at VMware for the calendar year 2023-2024. I received this surprise invitation yesterday and I am so happy to be in this prestigious program where I can meet and work with a group……
NSX 4.0.1 Stateful Active-Active Gateway – Part 1 – Single Tier Routing
With the release of version 4.0.1, NSX introduced support for stateful services on T0 or T1 gateways running in Active-Active topologies. Prior to NSX 4.0.1, configuration of stateful services required the gateways to be configured in Active-Standby mode. The reason for this was asymmetric routing, as the return path for traffic can be on a……
NSX Microsegmentation Part 2 : Transforming Architecture to Policies
Welcome back!!! Now that we have developed the microsegmentation architecture for the fictitious customer Corp-XYZ, we will move ahead and transform the architecture to DFW policies. If you missed Part 1, you can read it below: https://vxplanet.com/2022/11/30/nsx-microsegmentation-part-1-developing-the-architecture/ Let’s get started: Defining tags and security boundaries (virtual zones) Based on the design decisions we developed in Part……
NSX Microsegmentation Part 1 : Developing the Architecture
Distributed Firewall (DFW) is one of the powerful security features of NSX. Distributed Firewall is an East-West Firewall used for network segmentation and microsegmentation to achieve zero-trust protection for the environment. The DFW exists in the kernel of the hypervisor and the rules are enforced at the vNIC level of the virtual machines. DFW rules……
NSX Security : Trust on First Use (TOFU) and Trust on Every Use (TOEU) Explained
When dealing with SpoofGuard, address learning and distributed firewall (DFW), we need to consider two modes under the IP discovery profile of segments called “Trust on First Use (TOFU)” and “Trust on Every Use (TOEU)”. Understanding these modes is important as this has a dependency with SpoofGuard as well as to avoid DFW bypassing in……
NSX 4.0 Proxy ARP support on Active/Active Tier-0 Gateway
Until NSX-T version 3.2, Proxy ARP configuration on the T0 Gateway required the gateway to be deployed in Active-Standby mode. I wrote an article around the same for use with vSphere with Tanzu during February last year. If you missed it, you can read it below: https://vxplanet.com/2021/02/12/nsx-t-architecture-in-vsphere-with-tanzu-part-4-proxy-arp-gateways/ To understand what Proxy ARP is, it……
NSX 4.0 Edge Node Design with four Datapath Interfaces
NSX-T introduced support for four datapath interfaces in release 3.2.1, which allows for more flexibility in achieving deterministic traffic flows for East-West and North-South traffic by decoupling the East-West TEP traffic and North-South traffic over BGP on separate interfaces on the edge nodes. Prior to release 3.2.1, we used named teaming policies for deterministic steering……
VMware Explore (VMworld) and how it has helped me over these years
I just registered for the biggest event of the year – VMware Explore 2022 US happening at the Moscone Center in San Francisco, California from Aug 29 – Sept 1, 2022. I am a big fan of the VMware Explore event but have never attended in-person and this will be my first in-person experience at the……